Vendor Risk Assessment: Conduct thorough due diligence on potential third-party vendors to assess their cybersecurity, data privacy, operational capabilities, and compliance with legal and regulatory requirements.
Due Diligence: Perform due diligence reviews of vendors, including reviewing security policies, audit reports, and compliance documentation.
Documentation and Reporting: Maintain comprehensive documentation of risk assessments, findings, processes, and recommendations.
Prepare reports for management and stakeholders on third-party risk status, including critical data breaches, security incidents, and service disruptions.
Policy Development: Assist in the development and implementation of third-party risk management policies and procedures in line with industry best practices and regulatory requirements.
Training and Awareness: Provide training and support to internal teams on third-party risk management practices and the importance of vendor assessments.
Collaboration: Collaborate with various departments, including IT, legal, compliance, and procurement, to ensure a cohesive approach to third-party risk management. Support internal and external audits related to vendor cybersecurity.
Security Questionnaire Response: Respond to information security-related questions, RFPs, RFIs, SIG, and inquiries using established information security tools and procedures.
Requirements:
Strong knowledge of information security and cybersecurity, including control testing, network security, and infrastructure assessments.
Bachelor's degree in Information Technology, Computer Science, or a related/applicable field.
4-5 years of work experience related to risk management, procurement, and third-party risk management.
2+ years of experience in a team management role.
Experience in assessing cloud security and application security for third-party vendors.
Good knowledge of ISO 27001, ISO 27701, SOC 1, SOC 2, CPRA, GDPR, and PCI DSS.
Certified CRiSP/ISO 27001/ISO 27701 Lead Auditor.
Excellent written and verbal communication skills.